lokibot | dde7950ecda93369884657b7c452fc3d2f206d5576a31a37fb07ddac829135a0 | Triage

Sharing

General

Target

ba12ee7bb247db821c71b642f5f02893_JaffaCakes118
Size

698KB
Sample

241202-zfb4ha1qbs
MD5

ba12ee7bb247db821c71b642f5f02893
SHA1

2117395f7a8526d4cb0633d297d4344e39c09a62
SHA256

dde7950ecda93369884657b7c452fc3d2f206d5576a31a37fb07ddac829135a0
SHA512

b6a69243ccbdf10b7a49e858636401207382ce8d059ef95510a41f83502ec29f1cd50bfd67596a12470a11a391cb96022162369ee808487a9fcc143ee4ec654f
SSDEEP

12288:IYzNHK7zbLkx0RkQ0djQGo2zsko5KdT+WZz4rG7v:PzgXLK0Rr0R2koIdT+O8rG7

Score

10^/10

lokibot collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://manvim.co/fd14/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  ba12ee7bb247db821c71b642f5f02893_JaffaCakes118
- Size
  
  698KB
- MD5
  
  ba12ee7bb247db821c71b642f5f02893
- SHA1
  
  2117395f7a8526d4cb0633d297d4344e39c09a62
- SHA256
  
  dde7950ecda93369884657b7c452fc3d2f206d5576a31a37fb07ddac829135a0
- SHA512
  
  b6a69243ccbdf10b7a49e858636401207382ce8d059ef95510a41f83502ec29f1cd50bfd67596a12470a11a391cb96022162369ee808487a9fcc143ee4ec654f
- SSDEEP
  
  12288:IYzNHK7zbLkx0RkQ0djQGo2zsko5KdT+WZz4rG7v:PzgXLK0Rr0R2koIdT+O8rG7
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryspywarestealertrojan

behavioral2

lokibotcollectiondiscoveryspywarestealertrojan